1 /*
2  * This file is part of the openHiTLS project.
3  *
4  * openHiTLS is licensed under the Mulan PSL v2.
5  * You can use this software according to the terms and conditions of the Mulan PSL v2.
6  * You may obtain a copy of Mulan PSL v2 at:
7  *
8  *     http://license.coscl.org.cn/MulanPSL2
9  *
10  * THIS SOFTWARE IS PROVIDED ON AN "AS IS" BASIS, WITHOUT WARRANTIES OF ANY KIND,
11  * EITHER EXPRESS OR IMPLIED, INCLUDING BUT NOT LIMITED TO NON-INFRINGEMENT,
12  * MERCHANTABILITY OR FIT FOR A PARTICULAR PURPOSE.
13  * See the Mulan PSL v2 for more details.
14  */
15 #include "hitls_build.h"
16 #ifdef HITLS_TLS_HOST_SERVER
17 #include "tls_binlog_id.h"
18 #include "bsl_log_internal.h"
19 #include "bsl_log.h"
20 #include "bsl_err_internal.h"
21 #include "hitls_error.h"
22 #include "tls.h"
23 #include "hs_ctx.h"
24 #include "hs_msg.h"
25 #include "hs_common.h"
26 #include "pack.h"
27 #include "send_process.h"
28 #include "bsl_sal.h"
29 #ifdef HITLS_TLS_FEATURE_PHA
30 #define CERT_REQ_CTX_SIZE 32
31 #endif /* #ifdef HITLS_TLS_FEATURE_PHA */
/*
 * Pack the CertificateRequest handshake message into the handshake buffer
 * (only if nothing is buffered yet) and hand it to the send path.
 *
 * @param ctx  TLS context; ctx->hsCtx is assumed to be a valid HS_Ctx
 *             (it is not NULL-checked here).
 * @return HITLS_SUCCESS, or the error code from HS_PackMsg / HS_SendMsg.
 */
static int32_t PackAndSendCertRequest(TLS_Ctx *ctx)
{
    HS_Ctx *hs = (HS_Ctx *)ctx->hsCtx;
    int32_t packRet = HITLS_SUCCESS;

    /* A non-zero msgLen means a message is already sitting in msgBuf:
     * skip packing and go straight to sending it. */
    if (hs->msgLen == 0) {
        packRet = HS_PackMsg(ctx, CERTIFICATE_REQUEST, hs->msgBuf, hs->bufferLen, &hs->msgLen);
    }
    if (packRet != HITLS_SUCCESS) {
        BSL_LOG_BINLOG_FIXLEN(BINLOG_ID15836, BSL_LOG_LEVEL_ERR, BSL_LOG_BINLOG_TYPE_RUN,
            "server pack certificate request msg fail.", 0, 0, 0, 0);
        return packRet;
    }

    return HS_SendMsg(ctx);
}
50 #if defined(HITLS_TLS_PROTO_TLS_BASIC) || defined(HITLS_TLS_PROTO_DTLS12)
/*
 * TLS1.2 / DTLS1.2 server: send the CertificateRequest message and, on
 * success, move the handshake on to TRY_SEND_SERVER_HELLO_DONE.
 *
 * @param ctx  TLS context.
 * @return HITLS_SUCCESS, or the error from PackAndSendCertRequest /
 *         HS_ChangeState.
 */
int32_t ServerSendCertRequestProcess(TLS_Ctx *ctx)
{
    int32_t ret = PackAndSendCertRequest(ctx);
    if (ret != HITLS_SUCCESS) {
        return ret;
    }

    BSL_LOG_BINLOG_FIXLEN(BINLOG_ID15837, BSL_LOG_LEVEL_INFO, BSL_LOG_BINLOG_TYPE_RUN,
        "server send certificate request msg success.", 0, 0, 0, 0);

    /* Count the request and record that a client certificate is now
     * expected, then advance the state machine. */
    ctx->negotiatedInfo.certReqSendTime++;
    ctx->hsCtx->isNeedClientCert = true;
    return HS_ChangeState(ctx, TRY_SEND_SERVER_HELLO_DONE);
}
67 #endif /* HITLS_TLS_PROTO_TLS_BASIC || HITLS_TLS_PROTO_DTLS12 */
68 #ifdef HITLS_TLS_PROTO_TLS13
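#ifdef HITLS_TLS_FEATURE_PHA
/*
 * Allocate a fresh certificate_request_context for a post-handshake
 * authentication request and fill it with CERT_REQ_CTX_SIZE random bytes.
 *
 * Any previous context is released first. certificateReqCtxSize is reset
 * to 0 as soon as the old buffer is freed and only set to CERT_REQ_CTX_SIZE
 * once the new buffer is allocated and filled, so the (pointer, size) pair
 * never advertises a length for a buffer that does not exist. (The original
 * code left a stale size behind on the allocation / RNG failure paths.)
 * Whether BSL_SAL_FREE also NULLs the pointer is defined outside this file;
 * the size reset does not depend on it.
 *
 * @param ctx  TLS context.
 * @return HITLS_SUCCESS, HITLS_MEMALLOC_FAIL, or the SAL_CRYPT_Rand error.
 */
static int32_t Tls13PrepareCertReqCtx(TLS_Ctx *ctx)
{
    BSL_SAL_FREE(ctx->certificateReqCtx);
    ctx->certificateReqCtxSize = 0;

    ctx->certificateReqCtx = BSL_SAL_Calloc(CERT_REQ_CTX_SIZE, sizeof(uint8_t));
    if (ctx->certificateReqCtx == NULL) {
        BSL_ERR_PUSH_ERROR(HITLS_MEMALLOC_FAIL);
        BSL_LOG_BINLOG_FIXLEN(BINLOG_ID15630, BSL_LOG_LEVEL_ERR, BSL_LOG_BINLOG_TYPE_RUN,
            "cert req ctx malloc fail.", 0, 0, 0, 0);
        return HITLS_MEMALLOC_FAIL;
    }

    int32_t ret = SAL_CRYPT_Rand(LIBCTX_FROM_CTX(ctx), ctx->certificateReqCtx, CERT_REQ_CTX_SIZE);
    if (ret != HITLS_SUCCESS) {
        /* Do not keep a partially initialised context around. */
        BSL_SAL_FREE(ctx->certificateReqCtx);
        BSL_LOG_BINLOG_FIXLEN(BINLOG_ID15631, BSL_LOG_LEVEL_ERR, BSL_LOG_BINLOG_TYPE_RUN,
            "generate random cert req ctx fail.", 0, 0, 0, 0);
        return ret;
    }

    ctx->certificateReqCtxSize = CERT_REQ_CTX_SIZE;
    return HITLS_SUCCESS;
}
#endif /* HITLS_TLS_FEATURE_PHA */

/*
 * TLS1.3 server: send the CertificateRequest message.
 *
 * In the normal handshake the next state is TRY_SEND_CERTIFICATE. When
 * post-handshake authentication is pending (phaState == PHA_PENDING), a
 * random certificate_request_context is generated first; after a
 * successful send the state becomes PHA_REQUESTED, the current handshake
 * transcript hash is moved from hsCtx->verifyCtx into ctx->phaCurHash
 * (ownership transfer, the verifyCtx slot is cleared), and the connection
 * returns to TLS_CONNECTED.
 *
 * @param ctx  TLS context.
 * @return HITLS_SUCCESS, or the first error from context generation,
 *         PackAndSendCertRequest or HS_ChangeState.
 */
int32_t Tls13ServerSendCertRequestProcess(TLS_Ctx *ctx)
{
    int32_t ret;
#ifdef HITLS_TLS_FEATURE_PHA
    if (ctx->phaState == PHA_PENDING) {
        ret = Tls13PrepareCertReqCtx(ctx);
        if (ret != HITLS_SUCCESS) {
            return ret;
        }
    }
#endif /* HITLS_TLS_FEATURE_PHA */
    ret = PackAndSendCertRequest(ctx);
    if (ret != HITLS_SUCCESS) {
        return ret;
    }

    BSL_LOG_BINLOG_FIXLEN(BINLOG_ID15838, BSL_LOG_LEVEL_INFO, BSL_LOG_BINLOG_TYPE_RUN,
        "server send tls1.3 certificate request msg success.", 0, 0, 0, 0);

    ctx->hsCtx->isNeedClientCert = true;
    ctx->negotiatedInfo.certReqSendTime++;
#ifdef HITLS_TLS_FEATURE_PHA
    if (ctx->phaState == PHA_PENDING) {
        ctx->phaState = PHA_REQUESTED;
        /* Take over the handshake hash for the PHA exchange; the old PHA
         * hash (if any) is released and verifyCtx no longer owns the new one. */
        SAL_CRYPT_DigestFree(ctx->phaCurHash);
        ctx->phaCurHash = ctx->hsCtx->verifyCtx->hashCtx;
        ctx->hsCtx->verifyCtx->hashCtx = NULL;
        return HS_ChangeState(ctx, TLS_CONNECTED);
    }
#endif /* HITLS_TLS_FEATURE_PHA */
    return HS_ChangeState(ctx, TRY_SEND_CERTIFICATE);
}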
113 #endif /* HITLS_TLS_PROTO_TLS13 */
114 #endif /* HITLS_TLS_HOST_SERVER */